Bug#556388: Problem with cyrus-common-2.2.postinst script

Ondřej Surý ondrej at sury.org
Tue Sep 27 13:33:04 UTC 2011 

Version: 2.2.13-19

Hi,

thanks for catching that, I have further optimized the code in
cyrus-imapd-2.4 to:

find "$confdir" \( -not -user cyrus -or -not -group mail \) -execdir
chown cyrus:mail '{}' \;

find "$i" \( -not -user cyrus -or -not -group mail \) -execdir chown
cyrus:mail '{}' \;

find "$sievedir" \( -not -user cyrus -or -not -group mail \) -execdir
chown cyrus:mail '{}' \;

Anyway in cyrus-imapd-2.4 there's a code which runs this code only on
new installs.


I am afraid that oldstable will not receive this optimization, it's
not security related.

And squeeze has this optimization:

        if [ "$2" = "" ] || dpkg --compare-versions "$( echo $2 | cut
-d- -f2)" lt "2.2.13" ; then
                cyrus-makedirs --cleansquat
        fi

So it should not be run on upgrade from lenny to squeeze and I think I
can close this bug for squeeze and sid.

O.

On Tue, Sep 27, 2011 at 13:32, Bas van Sisseren <bas at quarantainenet.nl> wrote:
> Hello,
>
> It would help a lot to change these lines in /usr/sbin/cyrus-makedirs:
>
> (line 92)
> find "$confdir" -print0 \( -not -user cyrus -or  -not -group mail \) | xargs
> -r -0 chown cyrus:mail
>
> (line 105)
> find "$i" -print0 \( -not -user cyrus -or  -not -group mail \) | xargs -r -0
> chown cyrus:mail
>
> (line 118)
> find "$sievedir" -print0 \( -not -user cyrus -or  -not -group mail \) |
> xargs -r -0 chown cyrus:mail
>
>
> into:
>
> (line 92)
> find "$confdir" \( -not -user cyrus -or  -not -group mail \) -print0 | xargs
> -r -0 chown cyrus:mail
>
> (line 105)
> find "$i" \( -not -user cyrus -or  -not -group mail \) -print0 | xargs -r -0
> chown cyrus:mail
>
> (line 118)
> find "$sievedir" \( -not -user cyrus -or  -not -group mail \) -print0 |
> xargs -r -0 chown cyrus:mail
>
>
> This way the file is only chowned when the user/group is incorrect. With the
> -print0 statement in the front, just all files are printed, user cyrus or not..
>
> If another security update will be released for oldstable, I would really
> like this fix. Without the fix, the upgrade took me more than 1.5 hours
> downtime. With the fix, this will probably be only 5 minutes.
>
>
> Regards,
>
> Bas van Sisseren
>
> --
> Bas van Sisseren <bas at quarantainenet.nl>
> Quarantainenet
>
>
>
> _______________________________________________
> Pkg-Cyrus-imapd-Debian-devel mailing list
> Pkg-Cyrus-imapd-Debian-devel at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-cyrus-imapd-debian-devel
>



-- 
Ondřej Surý <ondrej at sury.org>

More information about the Pkg-Cyrus-imapd-Debian-devel mailing list